We would like to implement authorization using keycloak in Appian. Can anyone suggest anything
Making a suggestion depends on knowledge about your infrastructure. What kind of protocol are you trying to use? SAML 2.0? Then the approach should be pretty straightforward:
1. Install the Keycloak servers.
2. Establish the SSO with the Keycloak servers, e.g. connection to LDAP etc.
3. Configure Appian for SAML 2.0 usage at the Admin Page, referring to the Keycloak URL.
Following both sets of documentation (Appian and Keycloak), it should be possible.
Hi Juergeng
Thanks for the inputs, our requirement for SSO is as follows.
1. We have users internal to our organization, for whom we are already using Appian's inbuilt SAML 2.0 with our organization's infrastructure to authenticate with SSO when accessing Appian sites and Tempo.
2. We have to implement Keycloak for our external users, who are not in our organization, so that they can be authenticated using SSO in Appian.
Since we are already using Appian's SAML 2.0 for our internal organization users, how can we leverage the same for Keycloak for external users?
Please help!!
Hi, you just follow the documentation here: https://docs.appian.com/suite/help/21.1/Appian_Administration_Console.html#saml-authentication
https://docs.appian.com/suite/help/21.1/SAML_for_Single_Sign-On.html#how-to-add-a-saml-identity-provider
You can just add another SAML identity provider. And of course you might specify the landing page for the external users in the Admin Console based on their group membership. SAML assertions now support the group attribute.
https://docs.appian.com/suite/help/21.1/Appian_Administration_Console.html#user-start-pages
You might have to consider the overall architecture of the Appian platform. Not sure if you are on premise or on cloud. The load balancer you are using has to be configured to expose the Appian platform with an external IP. You might consider putting a rule into your Web Application Firewall (WAF) to prevent the external URL from being accessible to the public. Even if you are on the cloud already, that might be a good idea.
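The two answers above describe a setup with two SAML identity providers side by side (the existing corporate IdP for employees, Keycloak for external users) and a start page chosen from the group attribute in the assertion. The following is an added illustration, not Appian's code and not code from either poster: Appian performs the actual SAML processing itself, so there is nothing to implement on the Appian side. What the snippet shows is the logic a service provider has to apply once more than one IdP is trusted: the assertion's Issuer must be one of the configured IdPs, the Audience must be this SP's entity ID (so an assertion minted for another application cannot be replayed here), and only then is the group attribute used to pick a landing page. All entity IDs, group names, and URLs are hypothetical, the sample Response is constructed and unsigned, and XML signature verification is deliberately left out; a real SP must verify the signature against the IdP's certificate before trusting any of these fields.

```python
"""Routing of SAML assertions from two IdPs to an SP start page (added example).

Uses only the standard library. The Response built here is a constructed,
unsigned sample for offline testing; real assertions are signed and must be
verified before any field is trusted.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Hypothetical SP entity ID of the Appian site and the two configured IdPs.
SP_ENTITY_ID = "https://appian.example.com/suite"
CONFIGURED_IDPS = {
    "https://adfs.corp.example.com/adfs/services/trust": "internal",
    "https://keycloak.example.com/realms/external": "external",
}
# Hypothetical group -> start page mapping, as one would set in the Admin Console.
START_PAGES = {
    "Partners": "/suite/sites/partner-portal",
    "Employees": "/suite/tempo",
}
DEFAULT_START_PAGE = "/suite/tempo"


@dataclass
class ParsedAssertion:
    issuer: str
    name_id: str
    audiences: list
    groups: list


def parse_response(xml_text: str) -> ParsedAssertion:
    """Extract Issuer, NameID, Audience values and the 'groups' attribute."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion element in Response")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    audiences = [
        a.text.strip()
        for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    groups = []
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "groups":
            groups.extend(v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text)
    return ParsedAssertion(issuer, name_id, audiences, groups)


def route_login(xml_text: str) -> dict:
    """Bind the assertion to a configured IdP and this SP, then pick a start page."""
    a = parse_response(xml_text)
    if a.issuer not in CONFIGURED_IDPS:
        raise PermissionError(f"assertion from unknown IdP {a.issuer!r}")
    if SP_ENTITY_ID not in a.audiences:
        raise PermissionError("assertion is not addressed to this SP")
    start = next((START_PAGES[g] for g in a.groups if g in START_PAGES), DEFAULT_START_PAGE)
    return {"user": a.name_id, "idp": CONFIGURED_IDPS[a.issuer], "start_page": start}


def build_response(issuer: str, name_id: str, audience: str, groups: list) -> str:
    """Constructed, unsigned, minimal SAML Response used as sample input."""
    values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="groups">{values}</saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    ext = build_response("https://keycloak.example.com/realms/external",
                         "partner.user@vendor.example", SP_ENTITY_ID, ["Partners"])
    print(route_login(ext))
    rogue = build_response("https://idp.attacker.example", "x", SP_ENTITY_ID, ["Partners"])
    try:
        route_login(rogue)
    except PermissionError as e:
        print("rejected:", e)
```

The rejection cases are the point of the example: a Keycloak realm for external users and the corporate IdP both issue assertions with a `groups` attribute, so the group value alone must never decide anything before the Issuer has been matched to a configured IdP and the Audience to this SP. The WAF or load balancer rule mentioned above limits who can reach the external URL at all; this check limits whose assertions are accepted once they do.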